{"id":226,"date":"2023-05-01T22:16:40","date_gmt":"2023-05-01T14:16:40","guid":{"rendered":"https:\/\/zysgmzb.club\/?p=226"},"modified":"2023-05-01T22:16:40","modified_gmt":"2023-05-01T14:16:40","slug":"d3ctf2023-wp","status":"publish","type":"post","link":"https:\/\/zysgmzb.club\/index.php\/archives\/226","title":{"rendered":"D^3CTF2023 WP"},"content":{"rendered":"

Misc<\/h2>\n

d3readfile<\/h2>\n

\u8bfb\/var\/cache\/locate\/locatedb\u5f97\u5230\u5168\u6587\u4ef6\u5730\u5740\uff0c\u5728\u91cc\u9762\u641c\u7d22flag\u518d\u8bfb\u5373\u53ef<\/p>\n

\"\"<\/p>\n

d3gif<\/h2>\n

\u5148\u5206\u5e27<\/p>\n

from PIL import Image\nimport os\nimport random\n\nclass GIFTest:\n\n    def __init__(self, file_name):\n        self.file_name = file_name      # \u4f20\u5165\u7684\u6587\u4ef6\u540d\n        self.dir_name = self.file_name[:-4]     # \u6839\u636e\u6587\u4ef6\u540d\u521b\u5efa\u5b58\u653e\u5206\u5e27\u56fe\u7247\u7684\u6587\u4ef6\u5939\n        self.gif_path = os.path.join(os.path.dirname(\n            __file__), file_name)  # \u62fc\u63a5\u56fe\u7247\u6587\u4ef6\u7684\u5b8c\u6574\u8def\u5f84\uff08\u4ec5\u9650\u540c\u4e00\u6587\u4ef6\u5939\u5185\uff09\n        self.make_dir()\n\n    def make_dir(self):\n        """\u7528\u4e8e\u521b\u5efa\u5b58\u653e\u5206\u5e27\u56fe\u7247\u7684\u6587\u4ef6\u5939"""\n        try:\n            os.mkdir(self.dir_name)\n        except FileExistsError:\n            print('<%s>\u6587\u4ef6\u5939\u5df2\u5b58\u5728' % self.dir_name)\n            self.dir_name += str(random.randint(0, 10))\n            os.mkdir(self.dir_name)\n\n    def framing_test(self):\n        """GIF\u56fe\u7247\u5206\u5e27"""\n        img = Image.open(self.gif_path)\n        try:\n            while True:\n                curr = img.tell()\n                name = os.path.join(self.dir_name, '%s.png' % str(curr + 1))\n                img.save(name)\n                img.seek(curr+1)\n        except Exception as e:\n            pass\n\nif __name__ == '__main__':\n    GIFTest('.\/files\/(x,y,bin).gif').framing_test()\n<\/code><\/pre>\n
\u7136\u540e\u8f6c\u4e0brgb(cv2\u91cc\u662fbgr)<\/p>\n
import cv2\nfrom PIL import Image\nimport matplotlib.pyplot as plt\nimport os\nimport numpy as np\n\n# \u6279\u91cf\u8f6c\u7070\u5ea6\u56fe\u5e76\u4fdd\u5b58\n# crack\u6587\u4ef6\u5939\u4e0b\u6279\u91cf\u5904\u7406\u5c06\u7070\u5ea6\u56fe\u8f6c\u6210RGB\u5e76\u4fdd\u5b58\n\ndef convert2gray(filename):                                     # \u5b9a\u4e49\u7070\u5ea6\u56fe\u8f6cRGB\u56fe\u7684\u51fd\u6570\n    img = cv2.imread(file_path+'\/'+filename, 1)                 # 1\u662f\u4ee5BGR\u56fe\u65b9\u5f0f\u53bb\u8bfb\n    RGB_img = cv2.cvtColor(img, cv2.COLOR_BGR2RGB)\n    cv2.imwrite(out_path + '\/RGB' + filename, RGB_img)     # \u4fdd\u5b58\u5728\u65b0\u6587\u4ef6\u5939\u4e0b\uff0c\u4e14\u56fe\u540d\u4e2d\u52a0RGB\n\nfile_path = ".\/photo\/"               # \u8f93\u5165\u6587\u4ef6\u5939         # \u5efa\u7acb\u65b0\u7684\u76ee\u5f55\nout_path = ".\/new\/"            # \u8bbe\u7f6e\u4e3a\u65b0\u76ee\u5f55\u4e3a\u8f93\u51fa\u6587\u4ef6\u5939\nfor i in range(1089):\n    convert2gray(str(i+1)+'.png')  # \u6279\u91cf\u8f6c\u6362\n<\/code><\/pre>\n
\u7136\u540e\u731c\u6d4b\u80cc\u666f\u7684\u989c\u8272\u662f\u548c\u6587\u4ef6\u540d\u4e00\u6837\u7684\uff0c\u76f4\u63a5\u753b33x33\u7684\u4e8c\u7ef4\u7801\u5373\u53ef<\/p>\n
from PIL import Image\nimg = Image.new('RGB', (33, 33))\nfor i in range(1089):\n    imgg = Image.open('.\/new\/RGB'+str(i+1)+'.png')\n    pi = imgg.getpixel((0, 0))\n    x = pi[2]\n    y = pi[1]\n    col = pi[0]\n    img.putpixel((x, y), (col*255, col*255, col*255))\nimg.save('flag.png')<\/code><\/pre>\n
d3image<\/h2>\n
\u5148\u770b\u7248\u672c<\/p>\n
\"\"<\/p>\n
Linux version 4.15.0-142-generic (buildd@lgw01-amd64-039) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.12)) #146~16.04.1-Ubuntu SMP Tue Apr 13 09:27:15 UTC 2021 (Ubuntu 4.15.0-142.146~16.04.1-generic 4.15.18)<\/code><\/pre>\n
\u4e00\u773c\u4e01\u771f\uff0c\u76f4\u63a5\u8d77\u4e2aubuntu16\u6765\u505avol2\u7528\u7684profile<\/p>\n
\u505a\u597d\u4e86\u5148\u770b\u773c\u547d\u4ee4\u884c<\/p>\n
\"\"<\/p>\n
\u7279\u522b\u5e72\u51c0\u4f46\u8fd8\u662f\u53ef\u4ee5\u770b\u51fa\u6765\u6302\u4e86\u4e2a\u4ee3\u7406\u53bb\u7528\u706b\u72d0\uff0c\u4e8e\u662f\u731c\u6d4b\u7ed9\u7684\u5bb9\u5668\u662f\u4ee3\u7406<\/p>\n
\u8fd9\u65f6\u5019\u5c31\u53ef\u4ee5\u76f4\u63a5\u6062\u590d\u4e0b\u6587\u4ef6\u7cfb\u7edf<\/p>\n
python2 vol.py -f ..\/mem --profile=Linuxubuntu16142x64 linux_recover_filesystem --dump-dir=..\/file\/<\/code><\/pre>\n
\u7136\u540e\u627e\u5230\u91cc\u9762\u7684proxychains\u7684\u914d\u7f6e\u6587\u4ef6\u5c31\u80fd\u770b\u5230\u6700\u540e\u4e00\u884c\u7684\u4ee3\u7406\u4e86\uff0c\u76f4\u63a5\u7167\u6284\u5e76\u66f4\u6539\u5730\u5740<\/p>\n
socks5  192.168.31.136 51234 Gigantic_Splight Tearalaments_Kitkalos<\/code><\/pre>\n
\u7136\u540e\u627e\u4e86\u5f88\u4e45\u7684\u706b\u72d0\u76f8\u5173\u8bb0\u5f55\u6ca1\u6709\u5565\u7ed3\u679c\uff0c\u4e8e\u662fwinhex\u6253\u5f00\u5185\u5b58\u55ef\u770b\uff0c\u53d1\u73b0\u4e86\u4e24\u4e2a\u53ef\u7591\u7684\u5730\u5740<\/p>\n
127.0.0.1:2333\n127.0.0.1:2333\/magic.7z<\/code><\/pre>\n
\u4e00\u773c\u662f\u8981\u6302\u4ee3\u7406\u8bbf\u95ee\u7684\uff0c\u4e8e\u662f\u8bd5\u4e86\u4e00\u4e0b\u679c\u7136\u6709\u4e1c\u897f\uff0c\u4e8e\u662f\u5f97\u5230\u4e0b\u4e00\u6b65\u7684\u538b\u7f29\u5305\u548c\u4e00\u4e2a\u9700\u8981token\u7684\u7f51\u7ad9<\/p>\n
\u538b\u7f29\u5305\u5f88\u5927\uff0c\u4f46\u662f\u7ecf\u8fc7hint\u4ee5\u53ca\u8111\u6d1e\u4ee5\u53ca\u591a\u6b21\u5c1d\u8bd5\uff0c\u6700\u7ec8\u627e\u5230\u4e86\u9690\u5199\u7684\u65b9\u6cd5\uff0c\u5c31\u662fip\u4e3a10.0.0.0~10.76.223.231\u7684\u8303\u56f4\uff0c\u4e00\u5171\u67095038056\u79cd\uff0c\u5e76\u4e14\u5176\u4e2d\u7684\u6bcf\u4e00\u79cd\u90fd\u6709\u76f8\u5e94\u7684\u8bf7\u6c42\u6216\u54cd\u5e94\u8bb0\u5f55\uff0c\u518d\u52a0\u4e0a5038056\u662f8\u7684\u500d\u6570\u4ee5\u53cahint\u4e2d\u7684\u662f\u5426\u53ef\u8fbe\uff0c\u5f88\u5bb9\u6613\u8054\u60f3\u5230\u4e8c\u8fdb\u5236\uff0c\u4e8e\u662f\u5199\u811a\u672c\u624b\u6413pcap\u6765\u5224\u65ad\u6bcf\u4e00\u4e2aip\u662f\u5426\u53ef\u8fbe\uff0c\u8981\u5206\u597d\u51e0\u79cd\u60c5\u51b5\uff0c\u5728\u8fd9\u4e0d\u591a\u8bf4\u4e86(\u7531\u4e8e\u4e0d\u5927\u4f1a\u7528pyshark\u5c31\u624b\u6413\u4e86\uff0c\u8fd8\u597d\u8fd9\u91cc\u7684\u6d41\u91cf\u90fd\u662f\u4e00\u6837\u957f)<\/p>\n
from tqdm import trange\nf = open('data', 'rb')\nnum = [0]*5038056\nfor i in trange(9131515):\n    dataa = f.read(44)\n    dataaa = dataa[33:36]\n    dataaaa = int.from_bytes(dataaa, byteorder='big')\n    if (dataa[37:38] == b'\\x03' and dataa[36:37] == b'\\x00'):\n        num[dataaaa] = 1\n    if (dataa[36:37] == b'\\x08'):\n        if (num[dataaaa] == 1):\n            num[dataaaa] = 1\n            continue\n        if (num[dataaaa] == 0):\n            num[dataaaa] = 2\n            continue\n        if (num[dataaaa] == 3):\n            num[dataaaa] = 1\n            continue\n\n    if (dataa[37:38] == b'\\x00' and dataa[36:37] == b'\\x00'):\n        if (num[dataaaa] == 1):\n            num[dataaaa] = 1\n            continue\n        if (num[dataaaa] == 0):\n            num[dataaaa] = 3\n            continue\n        if (num[dataaaa] == 2):\n            num[dataaaa] = 0\n            continue\n        if (num[dataaaa] == 3):\n            num[dataaaa] = 1\n            continue\n\nfor i in range(len(num)):\n    if (num[i] == 0):\n        print(1, end='')\n    if (num[i] == 1):\n        print(0, end='')\n    if (num[i] == 2):\n        print(0, end='')\n    if (num[i] == 3):\n        print(0, end='')<\/code><\/pre>\n
\u91cc\u9762\u7684data\u6587\u4ef6\u662fpcap\u5305\u53bb\u6389\u4e86\u6587\u4ef6\u5934<\/p>\n
\u5f97\u5230\u7684\u7ed3\u679c\u89e3\u4e8c\u8fdb\u5236\u521a\u597d\u662f\u4e00\u4e2a7z\u538b\u7f29\u5305\uff0c\u91cc\u9762\u662f\u4e00\u4e2a3d\u6a21\u578b\u6587\u4ef6<\/p>\n
\u4e0b\u4e86\u4e2a\u56fd\u4ea7\u7684\u53eb\u8ffd\u5149\u51e0\u4f55\u6765\u6253\u5f00\uff0c\u7ecf\u8fc7\u6478\u7d22\u53d1\u73b0\u6a21\u578b\u91cc\u9762\u85cf\u4e86\u4e2a\u4e8c\u7ef4\u7801<\/p>\n
\"\"<\/p>\n
\u626b\u7801\u5f97\u5230<\/p>\n
3;A6eI`(J{z29|Gz":Dqt;~h*Bvc$7}c"dw'uBJth$Jg(+4+8x9eG7`>83$q5hF%I*)yrcb3+7$*~Dr"G|:K~C{_"Jv5=B9t9|>bwugCE~d&3fd{H;@hD?(DDz~$h#I%I`IB8zKyfHby3x'yfc56fH35|E8$+KGE@(u`7<\/code><\/pre>\n
\u7136\u540e\u89e3\u5bc6<\/p>\n
\"\"<\/p>\n
\u5f97\u5230token<\/p>\n
4765cdef0101<\/code><\/pre>\n
\u7136\u540e\u518d\u6b21\u6302\u4ee3\u7406\u8bbf\u95ee\u9875\u9762\uff0c\u53ef\u662f\u4e00\u76f4\u662fconnecting\u8f6c\u5708<\/p>\n
\u67e5\u770bjs\u540e\u4e86\u89e3\u662f\u9700\u8981\u4e00\u4e2a\u624b\u67c4\u8fde\u63a5\u624d\u53ef\u4ee5\u8fde\u7684\u4e0a\uff0c\u7531\u4e8e\u4e94\u4e00\u56de\u5bb6\u4e86\u624b\u67c4\u5728\u5b66\u6821\uff0c\u5c31\u91c7\u53d6\u624b\u52a8\u53d1\u5305\u7684\u5f62\u5f0f\u6765\u505a<\/p>\n
\u8981\u53d1\u7684\u5305\u7684\u5f62\u5f0f\u957f\u8fd9\u6837<\/p>\n
await fetch("http:\/\/127.0.0.1:2333\/api\/check", {\n    "credentials": "include",\n    "headers": {\n        "User-Agent": "Mozilla\/5.0 (X11; Linux x86_64; rv:91.0) Gecko\/20100101 Firefox\/91.0",\n        "Accept": "application\/json, text\/plain, *\/*",\n        "Accept-Language": "en-US,en;q=0.5",\n        "Content-Type": "application\/json",\n        "Sec-Fetch-Dest": "empty",\n        "Sec-Fetch-Mode": "cors",\n        "Sec-Fetch-Site": "same-origin"\n    },\n    "referrer": "http:\/\/127.0.0.1:2333\/",\n    "body": "{\\"text\\":\\"\\"}",\n    "method": "POST",\n    "mode": "cors"\n});<\/code><\/pre>\n
token\u7684\u503c\u5c31\u5728body\u91cc\u9762\uff0c\u5e76\u4e14\u9605\u8bfbjs\u53ef\u4ee5\u77e5\u9053token\u662f\u4ee5emoji\u7684\u5f62\u5f0f\u53d1\u51fa\u7684\uff0c\u53ea\u9700\u8981\u627e\u5230\u5bf9\u5e94\u5173\u7cfb\u5e76\u586b\u5728body\u91cc\u53d1\u5305\u5c31\u53ef\u4ee5\u770b\u5230\u8fd4\u56de\u7684\u6570\u636e\u4e86<\/p>\n
await fetch("http:\/\/127.0.0.1:2333\/api\/check", {\n    "credentials": "include",\n    "headers": {\n        "User-Agent": "Mozilla\/5.0 (X11; Linux x86_64; rv:91.0) Gecko\/20100101 Firefox\/91.0",\n        "Accept": "application\/json, text\/plain, *\/*",\n        "Accept-Language": "en-US,en;q=0.5",\n        "Content-Type": "application\/json",\n        "Sec-Fetch-Dest": "empty",\n        "Sec-Fetch-Mode": "cors",\n        "Sec-Fetch-Site": "same-origin"\n    },\n    "referrer": "http:\/\/127.0.0.1:2333\/",\n    "body": "{\\"text\\":\\"\ud83d\udc3b\ud83e\udd54\ud83c\udf46\ud83c\udf49\u2b06\ufe0f\u2b07\ufe0f\u2b05\ufe0f\u27a1\ufe0f\ud83c\udd70\ufe0f\ud83c\udd71\ufe0f\ud83c\udd70\ufe0f\ud83c\udd71\ufe0f\\"}",\n    "method": "POST",\n    "mode": "cors"\n});<\/code><\/pre>\n
\u53d1\u8fc7\u53bb\u5c31\u770b\u5230flag\u4e86<\/p>\n
\"\"<\/p>\n
\u6700\u540e\u518d\u89e3\u4e2abase32\u5c31\u597d\u4e86<\/p>\n
\"\"<\/p>\n
d3craft<\/h2>\n
\n
\u2764\u6765\u81ea114<\/p>\n<\/blockquote>\n
\u7ed9node-minecraft-protocol\u6253\u8865\u4e01\u652f\u63011.19.4<\/h3>\n
npm install mineflayer<\/code><\/pre>\n
https:\/\/github.com\/PrismarineJS\/minecraft-data\/pull\/703<\/a><\/p>\n
\u7528\u8fd9\u4e2apr\u7684repo\u7684\u5168\u90e8\u5185\u5bb9 \u66ff\u6362node_modules\\minecraft-data\\minecraft-data \u7136\u540e <\/p>\n
\u4fee\u6539node_modules\\minecraft-data\\data.js \u6dfb\u52a0<\/p>\n
            '1.19.4': {\n      get attributes () { return require(".\/minecraft-data\/data\/pc\/1.17\/attributes.json") },\n      get blocks () { return require(".\/minecraft-data\/data\/pc\/1.19.4\/blocks.json") },\n      get blockCollisionShapes () { return require(".\/minecraft-data\/data\/pc\/1.19.4\/blockCollisionShapes.json") },\n      get biomes () { return require(".\/minecraft-data\/data\/pc\/1.19.4\/biomes.json") },\n      get effects () { return require(".\/minecraft-data\/data\/pc\/1.19.4\/effects.json") },\n      get items () { return require(".\/minecraft-data\/data\/pc\/1.19.4\/items.json") },\n      get enchantments () { return require(".\/minecraft-data\/data\/pc\/1.19.4\/enchantments.json") },\n      get recipes () { return require(".\/minecraft-data\/data\/pc\/1.19.4\/recipes.json") },\n      get instruments () { return require(".\/minecraft-data\/data\/pc\/1.19.4\/instruments.json") },\n      get materials () { return require(".\/minecraft-data\/data\/pc\/1.19.4\/materials.json") },\n      get language () { return require(".\/minecraft-data\/data\/pc\/1.19.4\/language.json") },\n      get entities () { return require(".\/minecraft-data\/data\/pc\/1.19.4\/entities.json") },\n      get protocol () { return require(".\/minecraft-data\/data\/pc\/1.19.4\/protocol.json") },\n      get windows () { return require(".\/minecraft-data\/data\/pc\/1.16.1\/windows.json") },\n      get version () { return require(".\/minecraft-data\/data\/pc\/1.19.4\/version.json") },\n      get foods () { return require(".\/minecraft-data\/data\/pc\/1.19.4\/foods.json") },\n      get particles () { return require(".\/minecraft-data\/data\/pc\/1.19.4\/particles.json") },\n      get blockLoot () { return require(".\/minecraft-data\/data\/pc\/1.19\/blockLoot.json") },\n      get entityLoot () { return require(".\/minecraft-data\/data\/pc\/1.19\/entityLoot.json") },\n      get loginPacket () { return require(".\/minecraft-data\/data\/pc\/1.19.2\/loginPacket.json") },\n      get tints () { return require(".\/minecraft-data\/data\/pc\/1.19.4\/tints.json") },\n      get mapIcons () { return require(".\/minecraft-data\/data\/pc\/1.16\/mapIcons.json") }\n    }<\/code><\/pre>\n
\u65b0\u5efabot\u7684\u5730\u65b9\u52a0 version: '1.19.4'<\/p>\n
const bot = mineflayer.createBot({\n    ...,\n    version: '1.19.4',\n})<\/code><\/pre>\n
\u4e0b\u8f7dmc\u6e90\u7801<\/h3>\n
https:\/\/github.com\/PaperMC\/Paper<\/a> \u8ddf\u7740readme.md\u914d\u7f6e\u5c31\u884c\uff0c\u4f46\u662f\u771f\u7684\u6162\u3002\u3002\u3002<\/p>\n
\u6f0f\u6d1e\u5206\u6790<\/h3>\n
internalTeleport\u4e2d\u53ef\u4ee5\u8bbe\u7f6e\u73a9\u5bb6\uff08\u5bf9\u5e94\u8fde\u63a5\uff09\u7684lastPos X Y Z\u4e3a\u88ab\u4f20\u9001\u7684\u4f4d\u7f6e\u3002<\/p>\n
\"\"<\/p>\n
\"\"<\/p>\n
\u6bcf\u4e00\u6b21\u73a9\u5bb6\u4e0a\u4f20\u5750\u6807\uff0c\u5982\u679c\u73a9\u5bb6\u4e0a\u4f20\u7684\u5750\u6807\u5728\u5899\u91cc\uff08\u5361\u78b0\u649e\u7bb1\uff09\uff0c\u90a3\u4e48\u4f1a\u8c03\u7528internalTeleport\u5c06\u73a9\u5bb6\u4f20\u9001\u56de\u5230\u73a9\u5bb6\u4e0a\u4f20\u524d\u7684\u5750\u6807\u3002<\/p>\n
\"\"<\/p>\n
\u5982\u679c\u73a9\u5bb6\u7684lastPos X Y Z \u4e0e\u73a9\u5bb6\u4e0a\u4f20\u7684\u5750\u6807\u76f8\u5dee\u5c0f\u4e8e\u7b49\u4e8e(1\/256)\u5219\u4e0d\u4f1a\u89e6\u53d1\u63d2\u4ef6\u7684PlayerMoveEvent\u4e8b\u4ef6<\/strong>\u3002<\/p>\n
\"\"<\/p>\n
\u6240\u4ee5\uff0c<\/p>\n
\u2460\u5728xz\u8f74\u79fb\u52a8(1\/256)-0.000001\uff0c\u73a9\u5bb6\u7684\u5750\u6807\u88ab\u8bbe\u7f6e\uff0c\u56e0\u4e3a\u79fb\u52a8\u8ddd\u79bb\u5c0f\u4e8e(1\/256)\uff0c\u6240\u4ee5\u4e0d\u4f1a\u89e6\u53d1\u63d2\u4ef6\u4e8b\u4ef6<\/p>\n
\u2461\u7136\u540e\u5728y\u8f74\u79fb\u52a8-0.000001\uff0c\u73a9\u5bb6\u7684\u5750\u6807\u4e0d\u4f1a\u88ab\u8bbe\u7f6e\uff0c\u4f1a\u5bfc\u81f4\u8c03\u7528internalTeleport\u5c06\u73a9\u5bb6\u4ece\u65b9\u5757\u5185\u62c9\u56de\uff0cinternalTeleport\u5c06\u73a9\u5bb6\u7684lastPos X Y Z\u8bbe\u7f6e\u6210\u2460\u4e2d\u73a9\u5bb6\u7684\u5750\u6807<\/p>\n
\u2462\u7b49\u5f85\u670d\u52a1\u5668\u5411\u5ba2\u6237\u7aef\u53d1\u9001\u62c9\u56de\u7684\u5750\u6807\uff0c\u5e76\u4e14teleport_confirm\uff08\u56e0\u4e3a\u4e0dteleport_confirm\u4e0d\u80fd\u8fdb\u884c\u79fb\u52a8\uff0c\u53c2\u89c1\u6e90\u7801\uff0c\u7565\uff09<\/p>\n
\u2460\u2461\u2462\u53cd\u590d\u6267\u884c\u7ea65000\u6b21\uff0c\u5373\u53ef\u79fb\u52a8\u5230(0.5,-60,0.5)\u7684\u4f4d\u7f6e\uff0c\u5e76\u4e14\u4e0d\u4f1a\u89e6\u53d1\u63d2\u4ef6\u7684PlayerMoveEvent\u4e8b\u4ef6<\/p>\n
exp<\/h3>\n
mc\u63e1\u624b\u6bd4\u8f83\u70e6\u4eba\uff0c\u91c7\u7528\u4e86mineflayer\u5b9e\u73b0\u63e1\u624b\uff0c\u5e76\u4e14\u7981\u7528\u4e86\u5b83\u7684\u7269\u7406\u5f15\u64ce\u63d2\u4ef6\u3002<\/p>\n
const fs = require('fs')\nconst mineflayer = require('mineflayer')\nconst bot = mineflayer.createBot({\n    host:"\u9776\u673a",\n    port:114514,\n    username: new Date().getTime().toString(),\n    version: '1.19.4',\n    loadInternalPlugins: false,\n    plugins: { 'health': true, 'entities': true, 'physics': false, 'chat': true },\n    physicsEnabled: false\n})\nbot._client.on("end", function (reason) {\n    console.log("end", reason)\n    console.log("player position:", player_position)\n    console.log("player initial:", initial_player_position)\n    \/\/ exit\n    process.exit(0)\n})\n\nconst delta = (1 \/ 256) - 0.00001\n\nlet state = "waiting_for_sync"\nlet player_position = {\n    x: -1,\n    y: -1,\n    z: -1,\n    yaw: -1,\n    pitch: -1,\n    flags: -1,\n}\nlet initial_player_position = undefined;\nlet move_count = 0;\n\nbot._client.on("systemChat", function (packet) {\n    console.log("systemChat", packet)\n  })\n\nbot._client.on("position", function (packet) {\n    if (!packet) return;\n    if (packet.teleportId == 1) return;\n    console.log("teleport_confirm", packet)\n    bot._client.write('teleport_confirm', { teleportId: packet.teleportId })\n {\n        player_position.x = packet.x;\n        player_position.y = packet.y;\n        player_position.z = packet.z;\n        if (player_position.yaw !== undefined) {\n            player_position.yaw = packet.yaw;\n            player_position.pitch = packet.pitch;\n        }\n        player_position.flags = packet.flags;\n        if (initial_player_position == undefined)\n            initial_player_position = Object.assign({}, player_position)\n    }\n    state = "moving"\n    console.log("sync_result", player_position)\n})\n\nfunction apply_move(){\n    if(player_position.z > 0.6){\n        player_position.z = player_position.z - delta;\n    }else if (player_position.z < 0.5){\n        player_position.z = player_position.z + delta;\n    }else if (player_position.x > 0.6){\n        player_position.x = player_position.x - delta;\n    }else if (player_position.x < 0.5){\n        player_position.x = player_position.x + delta;\n    }else{\n        \/\/ wave right hand\n        bot._client.write("arm_animation", {\n            hand: 0\n        })\n        \/\/interact with air\n        bot._client.write("use_entity", {\n            target: 0,\n            type: 2,\n            mouse: 2,\n            hand:0,\n            x:player_position.x,\n            y:player_position.y,\n            z:player_position.z,\n            sneaking: false\n        })\n    }\n}\n\nfunction tick() {\n    console.log("tick", state, move_count, player_position)\n    if (state == "waiting_for_sync") {\n        return;\n    }\n    else if (state == "moving") {\n        apply_move();\n        move_count++;\n        bot._client.write("position", {\n            ...player_position,\n            onGround: false\n        })\n        state = "falling";\n    }\n    else if (state == "falling"){\n        player_position.y = player_position.y - 0.000001;\n        bot._client.write("position", {\n            ...player_position,\n            onGround: false\n        })\n        state = "waiting_for_sync";\n    }\n}\n\nsetInterval(tick, 5)\n\nbot.on("spawn", function () {\n    console.log("spawned");\n})<\/code><\/pre>\n
\"\"<\/p>\n
Re<\/h1>\n
d3recover<\/h2>\n
\u7528bindiff\u4e24\u4e2a\u5bf9\u7740\u770b\uff0c\u7136\u540e\u627e\u5230\u68c0\u67e5flag\u7684\u903b\u8f91\u57282.0\u7684check\u91cc\u9762\uff0c\u4e8e\u662f\u53bb\u8bfb\u5bf9\u5e94\u51fd\u6570\u91cc\u7684\u903b\u8f91\u518d\u5199\u4e2a\u89e3\u5bc6\u5373\u53ef<\/p>\n
import base64\n\nflag = base64.b64decode('08fOyj+E27O2uYDq0M1y\/Ngwldvi2JIIwcbF9AfsAl4=')\nflag = list(flag)\n\nfor i in range(30):\n    flag[29 - i] = ((flag[29 - i] ^ 0x54) - flag[31 - i]) % 0xff\n\nfor i in range(32):\n    print(chr(flag[i] ^ 0x23), end="")\n\n#flag{y0U_RE_Ma5t3r_0f_R3vocery!}<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
Misc d3readfile \u8bfb\/var\/cache\/locate\/locatedb\u5f97\u5230\u5168\u6587\u4ef6\u5730\u5740\uff0c\u5728\u91cc\u9762\u641c\u7d22flag\u518d\u8bfb\u5373\u53ef d3gif \u5148\u5206\u5e27 from PIL import Image import os import random class GIFTest: def __init__(self, file_name): self.file_name = file_name # \u4f20\u5165\u7684\u6587 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-226","post","type-post","status-publish","format-standard","hentry","category-wp"],"_links":{"self":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/226","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/comments?post=226"}],"version-history":[{"count":1,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/226\/revisions"}],"predecessor-version":[{"id":227,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/226\/revisions\/227"}],"wp:attachment":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/media?parent=226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/categories?post=226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/tags?post=226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}